The present invention relates to methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management.
A trend in modern computer networking, web computing, and cloud computing is to rely on public, group, or virtualized resources. The IT (information technology) marketplace offers public, private, and hybrid solutions for “virtualization” and “cloud computing.” This growing trend is occurring at many levels: infrastructure, platform, and software.
A recurring problem hampering such solutions is the fact that “virtualized” and/or “cloud” solutions are by their very nature non-secured and distributed. The resources may be physically owned by entities other than the users, or may be shared among multiple users (raising security, privacy, and trust concerns). This may occur within one legal entity or among different entities.
For example, a file may be saved in a network “storage cloud.” Since the storage cloud is a shared resource, a user is entrusting his/her data to a resource that is routinely accessed by many other users, and over which the user has no control at all.
Vendors of cloud and virtualization solutions provide various mechanisms (e.g. authentication, authorization, and virtual private networks) to ameliorate this state of affairs. Such approaches are significant but incomplete. Such mechanisms do not solve various important problems (e.g. encryption at rest, a single point for security handling, key management, and the requirement that the user trust the provider, the provider's implementation, or the provider's staff).
Of course, one solution for the security-conscious consumer is to avoid shared resources altogether. However, such an option is an unpleasant choice for the user, since modern shared resources provide many economic, operational, and technical benefits.
It would be desirable to have methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management. Such methods, devices, and media would, inter alia, overcome the limitations mentioned above.